Russian agent hired alleged Yahoo hacker, Canadian Karim Baratov

The Hamilton man accused of being a co-conspirator in the Yahoo data breach had already been advertising that he was a hacker for hire when he was directly retained, via e-mail, by an officer of the Russian security service, new court documents allege.

The documents, produced in support of a bid by the U.S. government to extradite Karim Baratov, also allege the 22-year-old resident of the Hamilton suburb of Ancaster has been a hacker-for-hire for years, breaching thousands of accounts outside of the Yahoo case and earning $211,000 during a three-year period.

Among the documents filed at the Hamilton courthouse is an affidavit by Detective Constable Burak Inal of the Toronto Police fugitive squad, which arrested Mr. Baratov on Tuesday morning. The affidavit reveals that, after a request from U.S. officials, the RCMP had placed Mr. Baratov under surveillance for at least six days before he was taken into custody.

The court documents state that Mr. Baratov, a Canadian citizen who was born in Kazakhstan, was first contacted in late 2014 by Dmitry Dokuchaev, identified in a U.S. indictment as an officer of Russia’s Federal Security Service (FSB), working in the agency’s Center 18, its centre for information security.

According to recent Russian media reports, Mr. Dokuchaev was a hacker using the alias Forb until he was coerced into working as a computer specialist for the FSB. He was one of four cybersecurity experts Russian authorities arrested in December and accused of treason.

The latest court files do not detail why Mr. Dokuchaev is alleged to have picked Mr. Baratov, who had a highly visible social-media footprint through which he displayed a flashy lifestyle of cigars, fancy cars and Rolex watches.

Mr. Dokuchaev is alleged in the court documents to have used a Yahoo e-mail account to contact Mr. Baratov and hire him to get the log-in information for about 80 accounts belonging to victims of the Yahoo hack.

The victims included a prominent Kazakh banker, Russian government officials and even Russian cybersecurity company officers, the court filings allege.

It is not clear whether police believe Mr. Baratov knew he was communicating with a Russian intelligence agent. Mr. Baratov is alleged to have created phishing e-mails designed to lure the targets into clicking on bogus links and then providing their log-in credentials.

Mr. Baratov would then send a screenshot of the account to his Russian handlers once he had gained access, the documents state, and provided the full log-in to the Russian FSB only after securing payment.

The payments are alleged to have travelled through Web accounts including a PayPal account that links to a Royal Bank chequing account in Mr. Baratov’s name. Between February, 2013, and October, 2016, Mr. Baratov received more than $211,000 via that PayPal account, the court records say, adding, however, that the amounts he is alleged to have earned from the Yahoo scheme are smaller.

The court documents also allege Mr. Baratov shared images of other people’s passport photos, “which triggers the FBI’s concern that Baratov may be trafficking in personally identifiable information harvested from his hack of his victims’ e-mail accounts.”

In describing him as a flight risk, the police affidavit states that Mr. Baratov had been engaged in alleged criminal activity for several years, and allegedly hacked thousands of other accounts unconnected to this case since 2012.

It states that his activities are Web-based and could be taken up anywhere if he went on the run.

“Given the serious nature of his conduct, the public impact of his hacking for hire conduct, his substantial earnings as a result of unlawful hacking, and his ties to foreign intelligence officers with nation state resources at their disposal, he should be arrested on an urgent basis and detained,” the U.S. extradition request says.

“Baratov’s skills are especially concerning. Given the vast scope of his hacking, Baratov has access to the contents of an enormous number of email accounts, not just his own. Accordingly, given his international ties, the international locus of his assets and the portability of his business, Baratov presents a significant flight risk.”

Allegations in the court documents match reports by The Globe and Mail and others that Mr. Baratov operated several Web pages advertising hacking services.

Mr. Baratov appeared in Hamilton court via video on Friday. He was dressed in an orange shirt and stood silently listening to proceedings. The judge turned down a request from his lawyers for a publication ban. Mr. Baratov will have a bail hearing on April 5.

Amedeo Dicarlo, one of Mr. Baratov’s lawyers, said the allegations against his client are unfounded.

“This is an attack by the U.S. government, it’s a challenge by the U.S. government. We are fighting that challenge,” he told reporters outside court before the hearing, The Canadian Press reported.

Bail hearing set for accused Yahoo email hacker Karim Baratov

A Canadian man of Kazakh origins arrested in a massive hack of Yahoo emails appeared briefly via video in a Hamilton court Friday, where a date was set for his bail hearing.

Twenty-two-year-old Karim Baratov is set to return to court for the hearing on April 5.

Baratov did not say anything during his court appearance, looking straight ahead with his hands in front of him.

He was arrested under the extradition act on Tuesday in the Ontario community of Ancaster.

U.S. authorities said on Wednesday that Baratov and three others — including two men alleged to be officers of the Russian Federal Security Service — were indicted for computer hacking, economic espionage and other crimes.

One of Baratov’s lawyers said outside court that the allegations against his client are unfounded.

Amedeo Dicarlo, who spoke to reporters before Baratov’s hearing, said he will fight a push to have his client extradited to the U.S.

“Our essential goal is to get Mr. Baratov out,” Dicarlo said. “This is an attack by the U.S. government, it’s a challenge by the U.S. government. We are fighting that challenge.”

Dicarlo said his client is “healthy” and “confident” but declined to answer questions about Baratov’s personal life or profession, describing him only as an “entrepreneur.”

“I cannot describe what Karim does nor who he is until the time is right,” he said. Baratov’s family is also asking for privacy, he said.

After court, Baratov’s second lawyer, Deepak Paradkar said a date for an extradition hearing has not been set.

He wouldn’t comment on the allegations against his client, nor would he comment on speculation that his client may be a flight risk.

“There’s an indictment that’s filed in the United States,” he said. “It’s pretty extensive. Twenty to 30 charges.”

Paradkar also noted that Baratov is no longer a Kazakh citizen.

U.S. officials have said Baratov also went by the names Kay, Karim Taloverov and Karim Akehmet Tokbergenov.

The three other suspects in the case are Dmitry Aleksandrovich Dokuchaev, 33, Igor Anatolyevich Sushchin, 43, and Alexsey Alexseyevich (Magg) Belan, 29, all Russian nationals and residents. It’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia

Dokuchaev and Sushchin are said to be Russian intelligence agents who allegedly masterminded and directed the hacking, the U.S. Justice Department has said.

The pair allegedly tasked Baratov with hacking more than 80 accounts in exchange for commissions, according to U.S. authorities, who submitted a provisional arrest warrant for Baratov to Canadian authorities March 7.

Yahoo, which is based in California, sent an email in September alerting users that their account information — including email addresses, telephone numbers, dates of birth, passwords and security questions — had been stolen in a cyberattack two years earlier.

The company said at least 500 million user accounts were affected.

Extradition fight for accused in Yahoo hack is ‘political’: Lawyer (The Canadian Press)

Yahoo Mail SCAM - if you get this email, do NOT click on it

NEW SCAM email campaign attempts to trick Yahoo Mail users into giving away their passwords - here’s what to do if you’ve been affected.

Yahoo Mail users are being urged to check their messages carefully after a new scam targeting the service was discovered.

Criminals are targeting users of the popular email platform with professional-looking messages claiming to be from Yahoo.

Express.co.uk was targeted by one of the scam emails, despite not having a Yahoo account - so here’s what you need to look out for.

Yahoo Mail users are being targeted by this new email scam

The email, which included an official Yahoo logo but did not mention a source address, included a correct first name, which may have been enough to convince many potential victims.

However it then went on to mention a fake Yahoo account that had apparently been accessed from, “an unrecognised device in Saudi Arabia”.

The message goes on to advise the victim that if they had not recently tried to log in to their account from this country to click on a link that will allow them to update their account recover information.

However the link within the message simply redirects the victim to a third-party site where their passwords are stolen and sold on.

The message uses official Yahoo imagery, but makes several major errors

The theme of the scam may be timed to coincide with headlines concerning the recent major hack on Yahoo’s services. 

Two Russian spies were today charged as suspects in at least one of a series of hacking attacks on the former internet giant.

A 2013 attack revealed in December affected more than a billion user accounts.

In a separate 2014 attack, disclosed in September, information was stolen from at least 500 million user accounts.

Yahoo Mail has been hit by several major breaches over the past two years, resulting in millions of user accounts being accessed by outside sources.

Around 32 million Yahoo Mail accounts were affected in the most recent attack, with hackers using forged cookies to access Yahoo user accounts without needing a password.

Yahoo has also infamously been hit by other major recent cyber-assaults which saw over a billion Yahoo user accounts compromised.

If you think you’ve been the victim of a cyberattack, check out Express.co.uk’s guide on the next steps to take here.

Microsoft’s latest build of Windows 10 for Insiders fixes some remaining issues

windows build fast ring microsoft logo sign

The latest build of Windows 10 is out for Fast Ring participants in the Windows Insider club, bringing the platform up to Build 15060 on the PC, Windows Insider lead Dona Sarkar said Thursday evening — a bit of polish on an OS update that’s almost ready to roll out the door.

On the features front, there’s nothing new with Build 15060, but that’s to be expected given Microsoft is wrapping up development of Creators Update (Redstone 2). That said, the team is polishing the platform for a general release to all Windows 10 users in April. That includes stomping out troubling issues and making slight improvements prior to Creators Update going gold later this month.

More: RIP Windows Vista: Microsoft is ending support on April 11

The new build fixes seven issues, one of which actually resolved another issue in the process. According to the release notes, the team resolved a problem with the Settings icon on the taskbar that also fixed another visual problem causing the Settings tile on the Start Menu to become grayed out.

Here are the other resolved issues:

Input Method Editors:	Third-party IMEs wouldn’t show up in Settings after installation.
Microsoft Edge:	The MS Pinyin IME would become stuck and a website unresponsive while quickly typing and deleting characters in the website’s search field.
Microsoft Edge:	The browser would fail to launch again after a crash due to previous, suspended instances in the background.
Microsoft Edge:	Problems occurred when exploring pages using the F12 Developer Tools with cross-origin iframes.
Surface Pro 3 / Surface 3:	If the latest drivers and firmware are installed, these devices couldn’t update to a new build with an inserted SD card.
Taskhost:	This executable would crash after pressing Tab while quickly typing in sign-in fields within Universal Windows Platform apps.

As for outstanding issues, there are still six the team needs to address. For instance, there’s a problem with restarting the PC due to a pending update, as the restart reminder dialog doesn’t appear. Until the bug is squashed, Insiders are encouraged to go into Settings > Update & Security > Windows Update to see if they need to restart their PC.

The release notes also point to a gaming-specific problem that’s still outstanding. While broadcasting gameplay, Insiders could see the broadcast live review window flash green on the Game bar. This is only a visual problem on the broadcaster’s end, and only appears on “certain” hardware configurations. It doesn’t affect the quality of the broadcast itself.

Finally, Sarkar warns that if this build fails to install after rebooting the PC, manually reboot the PC again (error 8024a112). If the PC appears to hang after the manual reboot, turn the PC completely off, wait a moment for the RAM to clear, and turn it back on. The install process should move forward after that.

Sarkar had initially noted that builds for Brazil (PT-BR) and Polish (PL-PL) were still forthcoming, pointing out that users would see a message stating that “we will keep trying or you can try again now.” Later Thursday evening those builds were released as well.

Happy testing, Insiders!

Samsung has done the impossible with the Galaxy S8

In the smartphone market, Samsung found success not by differentiating and carving its own path, but by taking a page out of Apple’s playbook. Or should we say, 132 pages. Apple turned the cell phone industry on its head in 2007 when it released the original iPhone. There was certainly no better company to model its devices and strategy after, and Samsung’s sales skyrocketed once it began retooling its devices to look and function more like Apple’s smartphones and tablets.

Samsung still takes pages out of the Apple playbook from time to time — case in point — but it has truly elevated its game in recent years, with several recent generations of flagship phones that contend with the iPhone on every level. There is one are where Samsung flagships have never managed to compete with iPhones, but it looks like that will change with the upcoming new Galaxy S8 and Galaxy S8+.

Don't Miss: There’s a mysterious new Google phone in the works and it isn’t the Pixel 2 or Pixel 2 XL

In just a week and a half, Samsung will unveil its next-generation flagship smartphones at a press conference in New York City. The wait has felt like an eternity considering how long Galaxy S8 details have been leaking. We know almost everything there is to know about the S8 and S8+, including exactly what they look like and when they’ll be released. And now, we know how remarkably powerful these hot new handsets are going to be.

Each year when Samsung launches new Galaxy S phones, they’re instantly become the most powerful widely available Android phones in the world. Note the inclusion of the word “Android,” however. Samsung’s phones are never the most powerful phones, period, because they simply can’t measure up to iPhones in terms of power. Apple’s in-house chips and its silky smooth iOS software reign supreme each and every year until the next new iPhones are released.

This year, however, it looks like things will be different.

Two separate Geekbench 4 benchmark test results for the unreleased Galaxy S8 smartphone appeared on the Primate Labs website on Thursday night. Long story short, they’re very impressive. The S8 managed single-core scores of 1913 and 1978 in the two tests, and the multi-core scores came in at 6119 and 6375.

Both sets of test results come from the international version of the Galaxy S8, which is powered by Samsung’s own Exynos 8895 processor, though earlier test results showed similar performance from the US version of the Galaxy S8+, which is powered by the Qualcomm Snapdragon 835 chipset.

In terms of single-core performance, the Galaxy S8 doesn’t even come close to touching Apple’s latest iPhones — the iPhone 7 Plus racks up a score of nearly 3500. But in multi-core Geekbench 4 tests, the S8 handily beats the latest iPhones, which always score under 5800.

This is a big victory for Samsung on paper, but it remains to be seen how it will translate as far as real-world performance. As we’re sure you’ll recall, earlier Samsung phones have come close to matching Apple’s iPhones on paper, but iPhones absolutely obliterate Galaxy phones in performance tests that gauge real-world power and speed.

Canadian 22-year-old Karim Baratov charged in Yahoo hacking

Karim Baratov stood out in the quiet Hamilton suburb where he lived: a 22-year-old who owned his own home, cruised around the neighbourhood in luxury cars and claimed to be a millionaire.

He credited it all to hard work and entrepreneurship, while on his street there were rumours he had sold a successful Internet company for an eight-figure sum.

Neighbour says alleged Yahoo hacker was ‘quiet’ (The Canadian Press)

On Wednesday, the U.S. government accused him of playing a role in one of the world’s largest digital-espionage operations: Court documents said Russian spies paid him to hack into the e-mail accounts of politicians, civil servants and business people around the world. 

A two-year FBI investigation alleges agents from Russia’s Federal Security Service (FSB) teamed up with a Russian hacker to steal the subscriber information of 500 million Yahoo users. It says they used it to break into the e-mails of hundreds of targets in several countries, including corporate and political leaders and journalists critical of the Russian government.

The Kazakh-Canadian Mr. Baratov was hired to hack some of these e-mails and pass the log-in information to the FSB, which paid him $100 (U.S.) for each address, the FBI alleges.

The case comes amid some of the highest tensions between the United States and Russia since the end of the Cold War, and questions about connections between U.S. President Donald Trump’s circle and the Kremlin, which hacked and leaked e-mails about the Democratic Party last fall to help tip the election toward Mr. Trump.

Acting Assistant Attorney-General Mary McCord underlined these tensions on Wednesday announcing the charges in Washington.

“We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies, or the security of our country,” she told reporters.

Mr. Baratov was the only member of the alleged spy operation arrested. Toronto Police took him into custody at 8:05 a.m. on Tuesday in the Ancaster area of Hamilton, police spokesman Mark Pugash said. Mr. Baratov was arrested on a U.S. warrant and turned over to the RCMP.

Mr. Baratov faces four charges that carry sentences ranging from two to 20 years in prison: conspiring to commit access device fraud, conspiring to commit wire fraud, aggravated identity theft and conspiring to commit computer fraud and abuse.

Three other people – FSB agents Dmitry Dokuchaev, 33, and Igor Sushchin, 43, and Russian hacker Alexsey Belan, 29 – also face charges, but are in Russia and beyond Washington’s reach.

According to an indictment unsealed on Wednesday, the men at the centre of the operation are Mr. Dokushaev and his superior, Mr. Sushchin, both officers in the FSB’s cyberintelligence department, Section 18. The pair is alleged to have enlisted Mr. Belan, starting in 2014, to hack Yahoo. They got into the Internet company’s user database and stole information about hundreds of millions of people with Yahoo accounts.

Along the way, Mr. Belan made some extra money for himself by manipulating Yahoo’s search results to direct people to an online pharmacy selling erectile-dysfunction medication, which paid him a commission, investigators say.

Mr. Dokuchaev and Mr. Sushchin used the information stolen from Yahoo to get into the e-mail accounts – some Yahoo, others on Gmail and other providers – of hundreds of powerful people, the FBI says.

The targets included U.S. government employees – cybersecurity officers, diplomats and military personnel – employees of French and Russian transportation companies, an investigative reporter with Kommersant Daily, a U.S. financial-services firm, a Nevada gambling official and a senior officer with a U.S. airline.

The agents were particularly keen to hack executives and board members of a Russian investment bank where Mr. Sushchin was “embedded,” the FBI said.

Mr. Dokuchaev is accused of bringing in Mr. Baratov to help with the hacking. How they are alleged to have connected is not clear.

The FBI says Mr. Dokuchaev gave Mr. Baratov a list of 80 e-mail accounts he wanted hacked. When Mr. Baratov cracked an account, he would receive $100 in exchange for the log-in, the indictment says.

Among the people he is accused of hacking are an official with the International Monetary Fund, an aide to a Russian deputy prime minister, a cybercrime investigator in the Russian government and a senior official at a Russian transport company.

Investigators say Mr. Baratov used spear phishing – tricking a target to open an attachment on an e-mail that installs malware on their computer.

None of the people or organizations hacked are named in the indictment.

During the two years he is accused of having been involved with the FSB, Mr. Baratov appears to have done well for himself.

Property records show he bought a $642,000 house on Chambers Drive in a new subdivision in Ancaster. Photographs on a real estate website show a roomy home with high ceilings, hardwood floors and neoclassical pillars. Earlier this week, the house was listed for sale at nearly $1-million.

According to friends and acquaintances and posts on social media, Mr. Baratov drove several fancy cars, including a Mercedes – licence plate “KARRRIM” – an Aston Martin, a BMW and a Lamborghini.

The U.S. indictment said the government is looking to seize an Aston Martin with “MR KARIM” vanity plates and a PayPal account registered to “Elite Space Corporation.”

On Facebook, Instagram and AskFM, Mr. Baratov portrayed himself as a hard-working computer whiz and entrepreneur who was a millionaire in his teens.

“I started when I was 12, at 14 I was making more than both of my parents combined. At 15 I got my first million,” he wrote. In another post, he chalked up his wealth to “hard work” and said he used “computer skills” to build successful businesses.

In a post last month, Mr. Baratov wrote that in 2013, “I got suspended from school for a few weeks for threatening to kill my ex-friend as a joke.” He said he used the time to work on “projects” and “really move my businesses to the next level.”

Mr. Baratov’s house is co-owned with an older couple, 56-year-old Akhmet Tokbergenov and 46-year-old Dinara Tokbergenov. Calls to a phone number linked to Mr. Tokbergenov were not answered, and his relationship to Mr. Baratov could not immediately be confirmed. U.S. investigators said Mr. Baratov used aliases, including Karim Akehmet Tokbergenov, and Kay and Karim Taloverov.

At another address believed to be the family home, a few minutes from Mr. Baratov’s digs, a man and a woman drove up in a white Mercedes SUV and pulled into the garage without stopping to speak on Wednesday.

The registered owner of the house is Mr. Tokbergenov. A neighbour said the couple live there with a daughter in her late teens or early 20s.

Eric Goforth, a McMaster student who lives in a neighbouring house, said he shovelled the driveway alongside Mr. Tokbergenov early on Tuesday morning, around the time Mr. Baratov was arrested. He said they exchanged cheerful pleasantries and chatted about the weather, as they often did, and nothing seemed amiss.

“It was really normal and friendly,” Mr. Goforth said.

He identified Mr. Tokbergenov as Mr. Baratov’s father. Another neighbour said Mr. Tokbergenov told him he had an import sales business and came from a country near Russia.

Titanic sank due to enormous uncontrollable fire, not iceberg, experts claim

© Provided by Independent Print Limited  

The sinking of the RMS Titanic may have been caused by an enormous fire on board, not by hitting an iceberg in the North Atlantic, experts have claimed, as new evidence has been published to support the theory.

More than 1,500 passengers lost their lives when the Titanic sank on route to New York from Southampton in April 1912.

While the cause of the disaster has long been attributed to the iceberg, fresh evidence has surfaced of a fire in the ship’s hull, which researchers say burned unnoticed for almost three weeks leading up to the collision.

The sinking of the RMS Titanic may have been caused by an enormous fire on board, not by hitting an iceberg in the North Atlantic, experts have claimed, as new evidence has been published to support the theory.

More than 1,500 passengers lost their lives when the Titanic sank on route to New York from Southampton in April 1912.

While the cause of the disaster has long been attributed to the iceberg, fresh evidence has surfaced of a fire in the ship’s hull, which researchers say burned unnoticed for almost three weeks leading up to the collision.

While experts have previously acknowledged the theory of a fire on board, new analysis of rarely seen photographs has prompted researchers to blame the fire as the primary cause of the ship’s demise.

 

Journalist Senan Molony, who has spent more than 30 years researching the sinking of the Titanic, studied photographs taken by the ship’s chief electrical engineers before it left Belfast shipyard.

Mr Maloney said he was able to identify 30ft-long black marks along the front right-hand side of the hull, just behind where the ship’s lining was pierced by the iceberg.

He said: “We are looking at the exact area where the iceberg stuck, and we appear to have a weakness or damage to the hull in that specific place, before she even left Belfast”.

Experts subsequently confirmed the marks were likely to have been caused by a fire started in a three-storey high fuel store behind one of the ship’s boiler rooms.

The unbelievable race to build more than one Titanic 2

A team of 12 men attempted to put out the flames, but it was too large to control, reaching temperatures of up to 1000 degrees Celsius.

Subsequently, when the Titanic struck ice, the steel hull was weak enough for the ship’s lining to be torn open.

Officers on board were reportedly under strict instruction from J Bruce Ismay, president of the company that built the titanic, not to mention the fire to any of the ship’s 2,500 passengers.

Presenting his research in a Channel 4 documentary, Titanic: The New Evidence, broadcast on New Year’s Day, Mr Maloney also claims the ship was reversed into its berth in Southampton to prevent passengers from seeing damage made to the side of the ship by the on-going fire. 

Mr Molony said: “The official Titanic inquiry branded [the sinking] as an act of God. This isn’t a simple story of colliding with an iceberg and sinking. 

“It’s a perfect storm ox extraordinary factors coming together: fire, ice and criminal negligence.

“Nobody has investigated these marks before. It totally changes the narrative. We have metallurgy experts telling us that when you get that level of temperature against steel it makes it brittle, and reduces its strength by up to 75 per cent.

“The fire was known about, but it was played down. She should never have been put to sea.”

In 2008, Ray Boston, an expert with more than 20 years of research into the Titanic’s journey, said he believed the coal fire began during speed trials as much as 10 days prior to the ship leaving Southampton.

He said the fire had potential to cause “serious explosions” below decks before it would reach New York.

An inquiry into the disaster, presented to Parliament in 1912, described the ship as travelling at “high speed” through dangerous icy waters, giving the crew little opportunity to avoid the fatal collision.